CA Usage Guide


Author: 冰冰大象 | Published: 2020-11-16 09:51

Initialize the root CA

# Runs on its own dedicated server, 192.168.8.131
fabric-ca-server start -b admin:pass -p 7064 --cfg.affiliations.allowremove  --cfg.identities.allowremove

Start the intermediate CA

# On a different machine, pointing at the root CA server's address
fabric-ca-server start -b admin:pass  -u http://admin:pass@192.168.8.131:7064 --cfg.affiliations.allowremove  --cfg.identities.allowremove

Generate the intermediate CA certificate

fabric-ca-client enroll -u http://admin:pass@localhost:7054 -H `pwd`/ca_admin
# Add the organizations (affiliations)
# Remove the org1 and org2 affiliations that ship with the default configuration
fabric-ca-client -H `pwd`/ca_admin  affiliation remove --force  org1
fabric-ca-client -H `pwd`/ca_admin  affiliation remove --force  org2
# Add the org1 affiliation
fabric-ca-client  -H `pwd`/ca_admin  affiliation add com 
fabric-ca-client  -H `pwd`/ca_admin  affiliation add com.example
fabric-ca-client  -H `pwd`/ca_admin  affiliation add com.example.org1
# List the affiliations to check org1
fabric-ca-client  -H `pwd`/ca_admin  affiliation list

Verify the certificate

openssl verify -verbose -CAfile rca_admin/msp/cacerts/localhost-7064.pem ca_admin/msp/cacerts/localhost-7054.pem
### OK means the certificate localhost-7054.pem was issued by the root certificate localhost-7064.pem
ca_admin/msp/cacerts/localhost-7054.pem: OK

Register the orderer organization's Admin@example.com user

# Generate the orderer organization's MSP
fabric-ca-client enroll -M `pwd`/ordererOrganizations/example.com/msp  -u http://admin:pass@localhost:7054 -H `pwd`/ca_admin
# Register the orderer admin. Note: this admin must be registered by the CA admin
fabric-ca-client register  --id.name Admin@example.com --id.type client --id.affiliation "com.example" --id.attrs '"hf.Registrar.Roles=client,orderer,peer,user","hf.Registrar.DelegateRoles=client,orderer,peer,user",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert'  --id.secret=password   -H `pwd`/ca_admin
# Generate the MSP of the orderer admin Admin@example.com
fabric-ca-client enroll -u http://Admin@example.com:password@localhost:7054   -M `pwd`/ordererOrganizations/example.com/users/Admin@example.com/msp
# Most important step: configure Admin@example.com as the orderer admin
mkdir ordererOrganizations/example.com/msp/admincerts/
cp ordererOrganizations/example.com/users/Admin@example.com/msp/signcerts/cert.pem ordererOrganizations/example.com/msp/admincerts

mkdir ordererOrganizations/example.com/users/Admin@example.com/msp/admincerts
cp ca_admin/msp/signcerts/cert.pem ordererOrganizations/example.com/users/Admin@example.com/msp/admincerts/

# Register the orderer user. Note: the orderer user is registered by the orderer admin Admin@example.com
fabric-ca-client register  --id.name orderer.example.com --id.type orderer --id.affiliation "com.example" --id.attrs '"hf.Registrar.Roles=orderer","hf.Registrar.DelegateRoles=orderer",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert'  --csr.cn=orderer.example.com --csr.hosts=orderer.example.com --id.secret=password   -H `pwd`/ordererOrganizations/example.com/users/Admin@example.com
fabric-ca-client enroll -u http://orderer.example.com:password@localhost:7054 -M `pwd`/ordererOrganizations/example.com/orderers/orderer.example.com/msp
# Note who holds admin rights over this node
mkdir  `pwd`/ordererOrganizations/example.com/orderers/orderer.example.com/msp/admincerts
cp ordererOrganizations/example.com/users/Admin@example.com/msp/signcerts/cert.pem ordererOrganizations/example.com/orderers/orderer.example.com/msp/admincerts

Register organization 1

# Exactly the same procedure as registering the orderer node
fabric-ca-client enroll -M `pwd`/peerOrganizations/org1.example.com/msp  -u http://admin:pass@localhost:7054 -H `pwd`/ca_admin

fabric-ca-client register  --id.name Admin@org1.example.com --id.type client --id.affiliation "com.example.org1" --id.attrs '"hf.Registrar.Roles=client,orderer,peer,user","hf.Registrar.DelegateRoles=client,orderer,peer,user",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert'  --id.secret=password   -H `pwd`/ca_admin

fabric-ca-client enroll -u http://Admin@org1.example.com:password@localhost:7054   -M `pwd`/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp

mkdir peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/admincerts/

cp ca_admin/msp/signcerts/cert.pem peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/admincerts/

mkdir peerOrganizations/org1.example.com/msp/admincerts/

cp peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/cert.pem  peerOrganizations/org1.example.com/msp/admincerts

fabric-ca-client register  --id.name peer0.org1.example.com --id.type peer --id.affiliation "com.example.org1" --id.attrs '"hf.Registrar.Roles=peer","hf.Registrar.DelegateRoles=peer",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' --csr.cn=peer0.org1.example.com --csr.hosts=peer0.org1.example.com --id.secret=password   -H `pwd`/peerOrganizations/org1.example.com/users/Admin@org1.example.com

fabric-ca-client enroll -u http://peer0.org1.example.com:password@localhost:7054  -M `pwd`/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp

mkdir  `pwd`/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/admincerts

cp peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/cert.pem `pwd`/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/admincerts
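
The register commands above give the orderer and peer node identities the full set of hf.* registrar attributes that the admins carry (hf.IntermediateCA=true, hf.Registrar.Attributes=*, and so on). The following is an added example, not part of the original post or of Fabric CA: a POSIX shell check that parses an --id.attrs string and lists the hf.* attributes enabled on a node identity. The function names, and the policy that peer and orderer identities need no hf.* attributes, are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an --id.attrs string before `fabric-ca-client register`.
# Policy (an assumption of this example, not a Fabric CA rule): identities of
# type peer or orderer only need to enroll, so any hf.* attribute that is
# enabled on them is reported as excess privilege.

# split_attrs ATTRS -> one name=value per line.
# Fabric CA wraps an attribute in double quotes when its value contains commas,
# e.g. "hf.Registrar.Roles=peer,user",hf.Revoker=true
split_attrs() {
    printf '%s\n' "$1" | awk '{
        inq = 0; cur = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"")             { inq = !inq }          # toggle quoted span
            else if (c == "," && !inq) { print cur; cur = "" } # attribute boundary
            else                       { cur = cur c }
        }
        if (cur != "") print cur
    }'
}

# audit_attrs TYPE ATTRS -> prints the enabled hf.* attribute names, one per line.
audit_attrs() {
    case "$1" in
        peer|orderer) ;;      # node identities are audited
        *) return 0 ;;        # registrars and admins are out of scope here
    esac
    split_attrs "$2" | while IFS= read -r kv; do
        name=${kv%%=*}
        value=${kv#*=}
        value=${value%:ecert} # drop the ":ecert" suffix if present
        case "$name" in
            hf.*) case "$value" in
                      ""|false) ;;                 # disabled: nothing to report
                      *) printf '%s\n' "$name" ;;  # enabled on a node identity
                  esac ;;
        esac
    done
}

# Constructed input: the attribute string this page passes for peer0.org1.example.com.
PAGE_PEER_ATTRS='"hf.Registrar.Roles=peer","hf.Registrar.DelegateRoles=peer",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert'
audit_attrs peer "$PAGE_PEER_ATTRS"
```

An empty result means the attribute string grants the node identity no registrar, revocation or intermediate-CA capability.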
